Date: Dec 9, 2012

Juniper SSG-140: NAT Example Configuration - How to open up a Remote Desktop port from a public NAT'd address to a private address in the trusted network - MIP - ScreenOS



Scenario:

NAT public IP address: 100.100.100.100
Private server IP address: 192.168.1.2
You need to open up RDP (Remote Desktop, TCP port 3389) from the public address to the private address using a MIP (Mapped IP).

Solution:

The RDP port is not in the list of pre-defined ports on the SSG, so you need to create it as a custom port/element. If the port you need is already defined, you can skip this step.

Log in to the SSG, go to Policy, Policy Elements, Services, Custom, and choose New
Service Name: RDP
Transport Protocol: TCP
Source Port (leave default): low = 0 and high = 65535
Destination Port: low = 3389 and high = 3389

After that, create a new port group

Go to Policy, Policy Elements, Services, Group, add a new group and call it RDP-Port. Add the RDP service you created above to this new group

Go to Network, Interfaces and edit the public/untrust interface, click MIP, then click New
Mapped IP: 100.100.100.100
Host IP: 192.168.1.2
Mask: 255.255.255.255
Host Virtual Router Name: choose trust-vr

Now create the policy

Click Policy, Policies
Create a new policy FROM Untrust TO Trust
Give it a name like RDP-Policy
Source: choose Any
Destination: from the drop-down menu, pick the new MIP you just created
Service: choose the RDP service you created above
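
Added example (not part of the original article): a Python check that reads a ScreenOS configuration export and reports every permit policy from Untrust that reaches a MIP on TCP 3389, together with its source, so you can confirm what the steps above actually exposed. The sample config is constructed from this article's values; the interface name ethernet0/2, policy id 10 and the function name audit_mip_exposure are assumptions.

```python
import re
import shlex

# Constructed sample: the article's WebUI steps as they would appear in a
# "get config" export. The interface name ethernet0/2 is an assumption.
SAMPLE_CONFIG = '''
set service "RDP" protocol tcp src-port 0-65535 dst-port 3389-3389
set group service "RDP-Port"
set group service "RDP-Port" add "RDP"
set interface "ethernet0/2" mip 100.100.100.100 host 192.168.1.2 netmask 255.255.255.255 vr "trust-vr"
set policy id 10 name "RDP-Policy" from "Untrust" to "Trust" "Any" "MIP(100.100.100.100)" "RDP" permit log
'''

def audit_mip_exposure(config, port=3389):
    """List permit policies from Untrust that reach a MIP on the given TCP port."""
    lines = [shlex.split(l) for l in config.splitlines() if l.strip().startswith("set ")]
    services, groups, mips = set(), {}, {}
    for t in lines:
        if t[1] == "service" and "tcp" in t and "dst-port" in t:
            low, high = map(int, t[t.index("dst-port") + 1].split("-"))
            if low <= port <= high:
                services.add(t[2])          # custom service covering the port
        elif t[1:3] == ["group", "service"] and len(t) == 6 and t[4] == "add":
            groups.setdefault(t[3], set()).add(t[5])
        elif t[1] == "interface" and "mip" in t and "host" in t:
            mips[t[t.index("mip") + 1]] = t[t.index("host") + 1]
    # A service group matches when any member service covers the port.
    matching = services | {g for g, members in groups.items() if members & services}
    findings = []
    for t in lines:
        if t[1] != "policy" or "from" not in t or len(t) < t.index("from") + 8:
            continue
        i = t.index("from")
        src_zone, (src, dst, svc, action) = t[i + 1], t[i + 4:i + 8]
        mip = re.fullmatch(r"MIP\((.+)\)", dst)
        if src_zone == "Untrust" and action == "permit" and mip and svc in matching:
            findings.append({
                "policy": t[t.index("name") + 1] if "name" in t else None,
                "public_ip": mip.group(1),
                "host": mips.get(mip.group(1)),
                "service": svc,
                "source": src,
                "open_to_any": src == "Any",
            })
    return findings

if __name__ == "__main__":
    for finding in audit_mip_exposure(SAMPLE_CONFIG):
        print(finding)
```

For the configuration in this article the check returns one finding with open_to_any set to True, because the policy source is Any; a policy whose source is an address-book entry is still listed, with open_to_any set to False.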

bostonIT - 225 Franklin Street Suite 2600, Boston MA 02110. Phone (617) 536-5111.